When Policy and Care Collide: Part Two

Navigating State Health Data Laws Without Compromising Patient Safety

By the EHR Association Patient Safety and Public Policy Leadership Workgroups

In Part One of this series, we examined the policy implications of the labyrinth of state-level privacy and consent regulations and their effects on physicians and other clinicians, health IT developers, and patients. In Part Two, we look at the challenges clinicians face in complying with diverse state laws while maintaining patient safety.

The core of the Hippocratic Oath, as taken by physicians, is to “advocate for the sick, respect patient confidentiality, and abstain from harm.” What Hippocrates could not have predicted, however, was the critical role that patient information would play in enabling physicians and other clinicians to fulfill their obligations and commitments to provide care and to do no harm. 

Restricting appropriate access to, or exchange of, essential health information can impair a clinician’s ability to provide safe and effective care. Conversely, exposing sensitive patient information beyond the care team can compromise confidentiality and create complications for the patient. These are two sides of the same coin: policy requirements that, whether too restrictive or too permissive, can themselves introduce risks to patient safety.

When Policy and Care Collide: Part One

Balancing Patient Consent with Patient Safety

By the EHR Association Patient Safety and Public Policy Leadership Workgroups

Navigating the tug-of-war between federal and state regulations has long been a challenge in health care and other industries. Now, with the ubiquity of health data creating both new opportunities and risks, that challenge has never been greater. This dual framework requires healthcare organizations and their technology partners to track and balance confusing and sometimes conflicting compliance efforts, adding administrative burden to the system as a whole and, in some cases, increasing the risk of adverse patient safety events.

Cybersecurity Awareness Month: Key Cybersecurity Controls and Practical Challenges

By the EHR Association’s Privacy & Security Workgroup

Health care faces security risks that make a focus on cybersecurity especially critical. The industry confronts a dual threat: highly valuable patient data (now worth more on the black market than financial data) and system interdependencies that directly introduce additional risk. A single cyber incident can disrupt hospital operations, delay treatments, and even jeopardize patient safety.

Cybersecurity Awareness Month 2025: The State of Healthcare’s Cybersecurity

By the EHR Association’s Privacy & Security Workgroup

Healthcare cybersecurity risks have surged to unprecedented levels over the 22 years since the HIPAA Security Rule was first implemented—and the 12 years since its last update. 

According to the HIPAA Wall of Shame, of the 614 data breaches reported in 2013, 43% (269) affected the healthcare industry. That was the first year since 2005 that the healthcare sector ranked higher than business in terms of the number of data breaches. At 9 million, healthcare also recorded the second-highest number of affected individuals.

EHRA Statement on 2025 Cybersecurity Awareness Month

October is Cybersecurity Awareness Month. The 2025 theme is “Building a Cyber Strong America,” highlighting the need to strengthen the country’s infrastructure against cyber threats and ensure resilience and security. In recognition of healthcare’s rising threat profile and the urgent need to shore up cybersecurity industry-wide, the EHR Association shares the following statement:

Cybersecurity Awareness Month is an ideal opportunity to highlight the healthcare industry’s unique security risks, in particular the dual threat we collectively face from the highly valuable patient data held in our health IT systems, as well as the critical dependencies that directly impact patient care. Health data is a top target for nefarious actors, and a single cyber incident can cause lasting harm by disrupting operations, delaying treatments, and jeopardizing lives. To reduce the industry’s risk profile, the EHR Association advocates for stronger protections and realistic, risk-based implementations of security safeguards that enhance resilience without overwhelming resource-constrained hospitals, health systems, and other provider organizations.

– EHR Association Privacy & Security Workgroup

HIPAA Security Rule Part Three: Risk-Based and Industry-Aligned Approaches Recommended

By the EHR Association Privacy & Security Workgroup

This three-part blog series shares the EHR Association’s stance on OCR’s proposed changes to the HIPAA Security Rule. Part one focused on our overarching concerns and issues with proposed definitions. Part two and this installment highlight our concerns with OCR’s proposed expectations. 

The HIPAA Security Rule is overdue for modernization, given the rapid pace of technological change and increasing cybersecurity threats. While we support OCR’s intent to strengthen protections for electronic protected health information (ePHI), our analysis of the proposed rule, HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information, raised concerns and questions we hope will be addressed before finalization.
